Bug 27047 - freerdp new security issue CVE-2020-15103
Summary: freerdp new security issue CVE-2020-15103
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 7
Hardware: All
OS: Linux
Priority: Normal
Severity: normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA7-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2020-08-05 17:44 CEST by David Walser
Modified: 2020-08-18 22:44 CEST
CC List: 5 users

See Also:
Source RPM: freerdp-2.1.2-1.mga7.src.rpm
CVE:
Status comment:

Description David Walser 2020-08-05 17:44:11 CEST
+++ This bug was initially created as a clone of Bug #27032 +++

FreeRDP 2.2.0 has been released, fixing a security issue:
https://github.com/FreeRDP/FreeRDP/releases/tag/2.2.0
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4r38-6hq7-j3j9

Fedora has issued an advisory for this on July 30:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/

Advisory:
========================

Updated freerdp packages fix security vulnerability:

Integer overflow due to missing input sanitation in rdpegfx channel. The input
rectangles from the server are not checked against local surface coordinates
and blindly accepted. A malicious server can send data that will crash the
client later on (invalid length arguments to a memcpy) (CVE-2020-15103).

The freerdp package has been updated to version 2.2.0, fixing this issue and
other bugs.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15103
https://github.com/FreeRDP/FreeRDP/releases/tag/2.2.0
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4r38-6hq7-j3j9
========================

Updated packages in core/updates_testing:
========================
freerdp-2.2.0-1.mga7
libfreerdp2-2.2.0-1.mga7
libfreerdp-devel-2.2.0-1.mga7

from freerdp-2.2.0-1.mga7.src.rpm
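As an added illustration of the bug class the advisory describes (server-supplied rectangles accepted without being checked against the local surface, so that a derived length reaches memcpy), the C example below shows the unchecked computation beside a bounds-checked one. This is not FreeRDP's code and not the 2.2.0 fix; the types (gfx_rect, gfx_surface), the function names and the 64x64 sample surface and rectangles are all hypothetical and constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical types modelled loosely on a 16-bit graphics rectangle and a
 * client-side surface; these are not FreeRDP's own structures.
 * right/bottom are exclusive. */
typedef struct {
    uint16_t left, top, right, bottom;
} gfx_rect;

typedef struct {
    uint32_t width, height; /* pixels */
    uint32_t bpp;           /* bytes per pixel */
    uint8_t *data;          /* width * height * bpp bytes; NULL for size-only use */
} gfx_surface;

/* Constructed sample data: a 64x64 surface at 4 bytes per pixel (16384 bytes). */
static const gfx_surface DEMO_DIMS = { 64, 64, 4, NULL };
static const gfx_rect RECT_VALID    = {  8,  8, 24, 16 }; /* 16x8 pixels inside the surface */
static const gfx_rect RECT_INVERTED = { 60,  0, 10,  8 }; /* right < left: width wraps */
static const gfx_rect RECT_OUTSIDE  = {  0,  0, 65, 10 }; /* right exceeds surface width */

/* Vulnerable pattern: the server's rectangle is trusted, so an inverted
 * rectangle yields a wrapped-around width and an enormous copy length. */
static size_t unchecked_size(const gfx_rect *r)
{
    uint32_t w = (uint32_t)(r->right - r->left);  /* wraps when right < left */
    uint32_t h = (uint32_t)(r->bottom - r->top);
    return (size_t)w * h * DEMO_DIMS.bpp;         /* never compared to the surface */
}

/* Hardened check: reject empty/inverted rectangles and anything that does not
 * lie within the surface before any length is derived from it. */
static bool rect_within_surface(const gfx_rect *r, const gfx_surface *s)
{
    if (r->left >= r->right || r->top >= r->bottom)
        return false;                               /* empty or inverted */
    if (r->right > s->width || r->bottom > s->height)
        return false;                               /* outside the local surface */
    return true;
}

/* Returns the byte length of the rectangle's pixel data, or 0 if rejected. */
static size_t checked_size(const gfx_rect *r)
{
    if (!rect_within_surface(r, &DEMO_DIMS))
        return 0;
    size_t w = r->right - r->left, h = r->bottom - r->top;
    /* Both operands are < 65536, so this cannot overflow size_t here, but a
     * general routine should still guard the multiplication. */
    if (h != 0 && w > SIZE_MAX / h)
        return 0;
    size_t px = w * h;
    if (px > SIZE_MAX / DEMO_DIMS.bpp)
        return 0;
    return px * DEMO_DIMS.bpp;
}

/* Copies the rectangle out of a freshly built 64x64 surface whose bytes hold
 * their row number. Returns bytes copied, or 0 if the rectangle was rejected
 * or the copied data does not start at the expected row. */
static size_t demo_copy(const gfx_rect *r)
{
    size_t need = checked_size(r);
    if (need == 0)
        return 0;
    gfx_surface s = DEMO_DIMS;
    size_t surface_bytes = (size_t)s.width * s.height * s.bpp;
    size_t row_stride = (size_t)s.width * s.bpp;
    s.data = malloc(surface_bytes);
    uint8_t *dst = malloc(need);
    if (!s.data || !dst) { free(s.data); free(dst); return 0; }
    for (size_t i = 0; i < surface_bytes; i++)
        s.data[i] = (uint8_t)(i / row_stride);

    size_t row_bytes = (size_t)(r->right - r->left) * s.bpp;
    size_t copied = 0;
    for (uint32_t y = r->top; y < r->bottom; y++) {
        const uint8_t *src = s.data + (size_t)y * row_stride + (size_t)r->left * s.bpp;
        memcpy(dst + copied, src, row_bytes);       /* length is now bounded by the surface */
        copied += row_bytes;
    }
    bool ok = (dst[0] == r->top);
    free(dst);
    free(s.data);
    return ok ? copied : 0;
}

int main(void)
{
    printf("unchecked inverted rect: %zu bytes (surface is %zu)\n",
           unchecked_size(&RECT_INVERTED), (size_t)64 * 64 * 4);
    printf("checked inverted rect: %zu, outside rect: %zu, valid rect: %zu\n",
           checked_size(&RECT_INVERTED), checked_size(&RECT_OUTSIDE), checked_size(&RECT_VALID));
    printf("copied %zu bytes for the valid rect\n", demo_copy(&RECT_VALID));
    return 0;
}
```

The point of the check is its ordering: the rectangle is validated against the surface it will be applied to before any width, height or byte count is computed from it, so the value handed to memcpy can never exceed what the surface actually holds.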
Comment 1 Herman Viaene 2020-08-10 14:11:17 CEST
MGA7-64 Plasma on Lenovo B50
No installation issues.
Ref bug 24074
I can't go any further than clean install, since I have no Windows version I can test against (rdp blocked in Windows 10 Home)

CC: (none) => herman.viaene

Comment 2 David Walser 2020-08-10 14:23:36 CEST
You can enable RDP on Linux with xrdp and test against that.
Comment 3 Brian Rockwell 2020-08-18 04:02:47 CEST
$ uname -a
Linux localhost.localdomain 5.6.14-desktop-2.mga7 #1 SMP Wed May 20 23:14:20 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

Aug 17 20:48:07 localhost.localdomain [RPM][4346]: erase lib64freerdp2-2.1.2-1.mga7.x86_64: success
Aug 17 20:48:07 localhost.localdomain [RPM][4346]: install lib64freerdp2-2.2.0-1.mga7.x86_64: success
Aug 17 20:48:07 localhost.localdomain [RPM][4346]: install freerdp-2.2.0-1.mga7.x86_64: success
Aug 17 20:48:07 localhost.localdomain [RPM][4346]: erase lib64freerdp2-2.1.2-1.mga7.x86_64: success
Aug 17 20:48:07 localhost.localdomain [RPM][4346]: install lib64freerdp2-2.2.0-1.mga7.x86_64: success
Aug 17 20:48:07 localhost.localdomain [RPM][4346]: install freerdp-2.2.0-1.mga7.x86_64: success


I set up a VirtualBox instance for remote access.  Tested it from a Windows PC and then turned around and used RDP.

$ xfreerdp /v:192.168.10.113:3389

everyone displayed as expected.  This is working as designed.

Whiteboard: (none) => MGA7-64-OK
CC: (none) => brtians1

Comment 4 David Walser 2020-08-18 04:31:21 CEST
Advisory and package list in Comment 0.

CC: (none) => sysadmin-bugs
Keywords: (none) => validated_update

Aurelien Oudelet 2020-08-18 21:32:05 CEST

CC: (none) => ouaurelien
Keywords: (none) => advisory

Comment 5 Mageia Robot 2020-08-18 22:44:53 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0338.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED